The challenges of cyber forensics and investigation

ITWeb Security Summit 2017

Registration is already open for the ITWeb Security Summit 2017, which will have six international plenary speakers, #SS17HACK launch, three training courses, and much more to choose from. Yusuph Kileo, cyber security and digital forensics expert, National Cybersecurity Forum (Tanzania) and board member, Africa ICT Alliance (AfICTA) will present on incident management, cyber forensics and investigation. For the complete agenda, click here.

Yusuph Kileo recently received the cybersecurity expert of the year award in Nairobi Kenya. He is cyber security and digital forensics expert on the National Cybersecurity Forum (Tanzania) and a board member of the Africa ICT Alliance (AfICTA). Kileo will be speaking at the ITWeb Security Summit 2017 in May on incident management, cyber forensics and investigation. He gives a broad overview of his presentation:

"We live in a most exciting time in human history due to the rapid advance of technology and the rise of the Internet of things. It is the sad fact that the rise of cyber threats increases at the same rate.

"Computers have been used to commit crimes and these crimes are recorded on computers. These include company policy violations, embezzlement, e-mail harassment, murder, leaks of proprietary information, and even terrorism. Law enforcement, network administrators, attorneys and private investigators now rely on the skills of professional computer forensics experts to investigate criminal and civil cases.

"We have reached a point where the question is no longer if you can be attacked but when will you be attacked. We have witnessed massive attacks on big organisations with good protection mechanisms. Some have been attacked by kids whom no one ever expected.

"These attacks often occur very rapidly and the time to discover those attacks remains very long - discovery of some attacks has taken months and even years. Discovering these attacks is big challenge but not having the right skill set to do a proper incident management and digital forensics within organisations leads to another bigger challenge: not finding those behind these attacks.

"Most investigations fail at the organisational level and the saddest part is our law enforcers fail to produce the result required in most cases. Based on my experience, the problem always begins at the initial point of securing and evaluating the electronic crime scene.

"Another growing challenge is proper collections of this evidence - we tend to forget that if the collection of digital evidence goes wrong, everything else will follow suit and the end result will be inaccurate.

"Much has to be done to improve how we do digital forensics investigations. Professional conduct should be maintained and the result should be the same no matter how many times the investigation is repeated. This can only be achieved by documenting everything from the initial point and maintaining a proper chain of custody.

"The main aim of digital forensics investigation is to bring the actual person behind the cyber-attack to book. With this in mind an expert witness remains a very important fact to consider. The one who can make the court understand and help it to provide a proper judgment."